lvqcl wrote:> I have a couple of questions: > > 1) Do you plan to release 1.3.1 pre1, pre2 etc or just 1.3.1 w/o any pre-releases?I had not planned to do a pre-release.> 2) Do you plan to release any official binaries (flac, metaflac, maybe something else)?Nor had I planned to release binaries. The source code tarball ends up here: https://svn.xiph.org/releases/flac/ I not sure where people normally get binaries (other than Linux users downloading it via their distribution). Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/
On 23.11.2014 12:44, Erik de Castro Lopo wrote:> lvqcl wrote: >> 2) Do you plan to release any official binaries (flac, metaflac, maybe something else)? > Nor had I planned to release binaries.At least Windows users expect to find official version at https://xiph.org/flac/download.html. Right now it links to old sourceforge page http://sourceforge.net/projects/flac/files/flac-win/ that only has version 1.2.1.
Janne Hyv?rinen wrote:> At least Windows users expect to find official version at > https://xiph.org/flac/download.html. Right now it links to old > sourceforge page http://sourceforge.net/projects/flac/files/flac-win/ > that only has version 1.2.1.And even more unfortunate, this SF page states: "Looking for the latest version? Download flac-1.2.1b.exe (2.7 MB)" "flac-1.2.1-win 4755 downloads/week"
Erik de Castro Lopo wrote:> I had not planned to do a pre-release.Are there any compilers for ia32/x86-64 that don't support Intel-style intrinsics? If yes then the definition of FLAC__HAS_X86INTRIN should be fixed before the release, IMHO.
I'd definately recommend binaries for download as suggested by lvqcl and Janne Hyv?rinen. All the fabolous work on the code base is of little use to me if I can not find binaries at the official site. Olav Sunde At 12:01 23.11.2014, Janne Hyv?rinen wrote:>On 23.11.2014 12:44, Erik de Castro Lopo wrote: >> lvqcl wrote: >>> 2) Do you plan to release any official binaries (flac, metaflac, maybe something else)? >> Nor had I planned to release binaries. > >At least Windows users expect to find official version at >https://xiph.org/flac/download.html. Right now it links to old >sourceforge page http://sourceforge.net/projects/flac/files/flac-win/ >that only has version 1.2.1. > >_______________________________________________ >flac-dev mailing list >flac-dev at xiph.org >http://lists.xiph.org/mailman/listinfo/flac-dev-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/flac-dev/attachments/20141123/500e1607/attachment.htm
On 2014-11-23 3:01 AM, Janne Hyv?rinen wrote:> At least Windows users expect to find official version at > https://xiph.org/flac/download.html. Right now it links to old > sourceforge page http://sourceforge.net/projects/flac/files/flac-win/ > that only has version 1.2.1.Is this just a static build of the 'flac' command-line tool? I can do that for 1.3.0 and 1.3.1, or we can do a cross-build with gcc on Linux. On MacOS X, flac is available through homebrew, and I've been maintaining that. -r
On Sun, Nov 23, 2014 at 02:44:00AM -0800, Erik de Castro Lopo wrote:> lvqcl wrote: > > > I have a couple of questions: > > > > 1) Do you plan to release 1.3.1 pre1, pre2 etc or just 1.3.1 w/o any pre-releases? > > I had not planned to do a pre-release.FWIW, considering how much code has changed since 1.3.0, I'd rather see the security bug fixed in a new 1.3.0 release, maybe with some other serious bugs like the metaflac memory corruction, and have a prerelease for 1.3.1 to test it thoroughly. I know the new release is almost ready, but if some serious bug is found in 1.3.1, a new release will have to be made anyway to not force the users to the vulnerable version. -- Miroslav Lichvar
I agree with Miroslav. It is a good practice to make a security release on a "branch" of the stable, shipped code, so that people can obtain the security fix with minimal risk to other changes. Even if the new code passes all tests fairly soon, it wouldn't hurt to have a couple of releases - one purely for security, the next with new changes in other areas. Brian Willoughby On Nov 24, 2014, at 12:47 AM, Miroslav Lichvar <mlichvar at redhat.com> wrote: On Sun, Nov 23, 2014 at 02:44:00AM -0800, Erik de Castro Lopo wrote:> lvqcl wrote: > >> I have a couple of questions: >> >> 1) Do you plan to release 1.3.1 pre1, pre2 etc or just 1.3.1 w/o any pre-releases? > > I had not planned to do a pre-release.FWIW, considering how much code has changed since 1.3.0, I'd rather see the security bug fixed in a new 1.3.0 release, maybe with some other serious bugs like the metaflac memory corruction, and have a prerelease for 1.3.1 to test it thoroughly. I know the new release is almost ready, but if some serious bug is found in 1.3.1, a new release will have to be made anyway to not force the users to the vulnerable version. -- Miroslav Lichvar
Miroslav Lichvar wrote:> FWIW, considering how much code has changed since 1.3.0,I don't think very much has changed. The biggest changes are Martin's new apodization window changes.> I'd rather > see the security bug fixed in a new 1.3.0 release,Err, no, rolling a new release with the same number as the old release is a bad idea.> maybe with some > other serious bugs like the metaflac memory corruction, and have a > prerelease for 1.3.1 to test it thoroughly.So, you want the two CVEs fixed, plus the metaflac memory corruption fix, but want to leave behind the numerous build system improvements?> I know the new release is almost ready, but if some serious bug is > found in 1.3.1, a new release will have to be made anyway to not force > the users to the vulnerable version.The new release has been ready for some time. ALl that was missing was me to have some spare time to start the process. As lvqcl noted back in October, Foobar2000 shipped with a git version of FLAC. Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/